pfsense:suricata:install_suricata:configure_global_settings
This is an old revision of the document!
Table of Contents
PFSense - Suricata - Install Suricata - Configure Global Settings
Enable Rule Download
Enter settings to download Snort and ET rules.
Navigate to Services → Suricata → Global Settings.
In Please Choose The Type Of Rules You Wish To Download:
- Install ETOpen Emerging Threats rules: Checked.
- Install ETPro Emerging Threats rules: Not Checked.
- ETPro Subscription Configuration Code: <blank>.
- Install Snort rules: Checked.
- Snort Rules Filename: snortrules-snapshot-29170.tar.gz.
- Snort Oinkmaster Code: Set this to your personal Oinkmaster Code obtained from your snort account page.
- Install Snort GPLv2 Community rules: Checked.
- Hide Deprecated Rules Categories: Not Checked.
NOTE: Obtain the Oinkcode by logging into Snort
Register a free account if needed.
This is found by clicking on your login email address.
Generate a code if needed.
</WRAP>
In Rules Update Settings:
- Update Interval: 6 Hours.
- Update Start Time: 00:10. The default.
- Live Rule Swap on Update: Checked.
- GeoLite2 DB Update: Checked.
- GeoLite2 DB License Key: Enter your personal MaxMind GeoLite2 DB key.
In General Settings:
- Remove Blocked Hosts Interval: 1 Hour
- Log to System Log: Not Checked.
- Keep Suricata Settings After Deinstall: Checked.
Manually update the rules
Navigate to Services → Suricata → Updates.
Click Update.
References
pfsense/suricata/install_suricata/configure_global_settings.1610719317.txt.gz · Last modified: 2021/01/15 14:01 by peter